The vulnerability allows an attacker to hijack any account. On the surface of it, things looked bad: complete account takeover with a very trivial attack. All I needed was for Scott to create an account and let me know the email address he used which, in this case, was test@scotthelme.co.uk. Full account takeover.
I post lots of pics to my Facebook account, and if none of that is interesting, here's this week's video on more infosec-related topics.
Started by infosec professionals, Peerlyst takes the characteristics of B2B communications we’ve become accustomed to on Twitter and LinkedIn and directs them toward cybersecurity. You can do so by submitting an email address or logging in with your LinkedIn account. I’m honored to be included. It’s easy to participate on Peerlyst.
The ideas will cover multiple aspects of InfoSec, from organizational structure to technology. At the highest level, I think the big change to InfoSec will be a loss of magic compared to now. HT to Jeremiah Grossman for also being very early to see the role of insurance in InfoSec. Accounting is repeatable. The arcane.
And during the trial, a lot of shoddy security and sysadmin practices are coming out: All this raises a question, though: just how bad is the CIA's security that it wasn't able to keep Schulte out, even accounting for the fact that he is a hacking and computer specialist? And the answer is: absolutely terrible. Their justification?
Not just infosec headlines or tech headlines, but the headlines of major consumer media, the likes of which my mum and dad would read. Let's start with a poll: At your place of work, does your employer have the right to access the contents of your corporate email account if necessary? "Have an affair."
Read Ben Hartwig explain how small and medium businesses can avoid account takeover risks on Infosec Magazine: Account takeover seeks to infiltrate an existing account and use it for the […].
For example, mine was just one of many tens of thousands of Pfizer email addresses, and that sort of thing is going to raise the ire of some folks in corporate infosec capacities. DemandScience is what we refer to as a "data aggregator" in that they combine identity data from multiple locations, bundle it up, and then sell it.
Popular fast food restaurant chain Chick-fil-A recently said it was investigating reports of "suspicious activity" on customer accounts. chik-fil-a.com #cybersecurity #infosec @ChickfilA pic.twitter.com/kWSBpvQCNt — Dominic Alvieri (@AlvieriD). The breach he mentions apparently involves customer accounts and loyalty points.
Professional services engagements, and hence the associated information risks, are so diverse that it made no sense to specify particular infosec controls, except a few examples. The policy is generic, pragmatic and yet succinct at just over 2 pages.
The post Norton 360 Cryptominer, Fake QR Codes on Parking Meters, Facebook Account Deactivation appeared first on The Shared Security Show.
This one, as far as infosec stories go, had me leaning and muttering like never before. But fortunately these days many people make use of two-factor authentication to protect against account takeover attacks where the adversary knows the password.
9TH ANNUAL INFOSEC AWARDS NOW OPEN FOR NOMINATIONS WITH AN INCREDIBLE 5 STAR AWARDS DINNER HELD DURING RSA CONFERENCE 2021 IN SAN FRANCISCO, CA, USA. Click here to read it online in Yumpu. Once a year, during the RSA Conference, we announce the most innovative, hottest, best cybersecurity companies, executives, products and services.
The post No Password Microsoft Accounts, Facebook Smart Glasses, Security.txt Internet Standard appeared first on The Shared Security Show.
Cybersecurity professionals have various views on last week's news from the United States Securities and Exchange Commission (SEC) when it surprised the InfoSec community and the C-suites of corporate America. Management is required to connect the dots of cybersecurity impacts on the business.
The leaked data contains Name, Email, Mobile, bank account numbers, PAN Number, Wallets Details etc. Story – [link] #InfoSec pic.twitter.com/1xFOtLcd8F — Rajshekhar Rajaharia (@rajaharia) January 21, 2021. What if someone used my account in any illegal activity. Trading in #cryptocurrency ?
In part one of a two-part series, Akamai's director of security technology and strategy, Tony Lauro, lays out what orgs need to know to defend against account takeover attacks.
Three […] The post Password Managers Under Attack, Shady Reward Apps on Google Play, Meta Account Center 2FA Bypass appeared first on The Shared Security Show.
Thinking about the principles underpinning information risk and security, here's a tidy little stack of "Hinson tips" - one-liners to set the old brain cells working this chilly mid-Winter morning:
- Address information confidentiality, integrity and availability, broadly
- Address internal and external threats, both deliberate and accidental/natural
- Celebrate (..)
The post Multi-Factor Authentication Fatigue Attack, Signal Account Twilio Hack, Facebook and Instagram In-App Browser appeared first on The Shared Security Show.
As the rules were authorized in late 2023, we shared what we see as the implications for infosec leaders. In partnership with senior executives, they need to pay close attention to the risks their companies face and the strategies those companies put in place to comply. This post explores the impact of these regulations after one year.
The vulnerabilities were reported to HP by infosec researcher Nick Bloor; an attacker could chain the three issues to achieve SYSTEM privileges on targeted devices and potentially take them over. "The issue does not impact customers who use Active Directory authenticated accounts," reads HP’s advisory.
The policies are written in the application language and give developers appropriate controls to write their requirements into the application, while the NetSec team ensures full compliance with the infosec policies dictated by the CISO organization. We’d love to hear what you think. Cisco Secure Social Channels.
Anonymous Sudan launched a DDoS attack against Telegram after the company suspended the account of the group. The hacker collective Anonymous Sudan (aka Storm-1359) has launched a distributed denial-of-service (DDoS) attack against Telegram in retaliation for the suspension of their primary account, SOCRadar reported.
Increasingly, I was writing about what I thought was a pretty fascinating segment of the infosec industry; password reuse across Gawker and Twitter resulting in a breach of the former sending Acai berry spam via the latter. accounts (59% of common email addresses had exactly the same password). And so Have I Been Pwned was born.
Then they switch to the best practices to prevent social media account takeovers, highlighting […] The post The World of Scambaiting, Preventing Social Media Account Takeovers, Network Wrenches Hacked appeared first on Shared Security Podcast.
I seem to be doing most of that activity now on Mastodon, which appears to have absorbed most of the infosec refugees from Twitter, and in any case is proving to be a far more useful, civil and constructive place to post such things. banks are stiffing account takeover victims. A single bitcoin is trading at around $45,000.
On June 14, 2019, Taylor Swift posted a seemingly random string of text to her social media accounts: gxgjxkhdkdkydkhdkhfjvjfj!!! These skills also happen to apply to information security (infosec) and cyber threat intelligence and research. And you'll leave your first infosec conference with an armful of them.
Information Security: protection of information, and of the systems that store it, from unauthorized access is what amounts to Information Security. The term InfoSec, aka Information Security, is often used to refer to ensuring the availability of systems and protecting the integrity and confidentiality of data.
In episode 320, Tom and Scott discuss the contentious issue of who is accountable when Facebook or Instagram accounts are hacked, discussing potential failings on both the user’s and Meta’s part.
Through the course of this year, Gartner forecasts that the infosec market will climb 9 percent to $124 billion. The perpetrators deploy botnets to automate the injection of surreptitiously obtained username and password pairs until they gain fraudulent access to a targeted account. percent, according to tech consultancy Gartner.
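The automated injection of leaked username/password pairs described above is credential stuffing, and its most visible log signature is one source trying many distinct usernames in a short window with a very low success rate, while a legitimate user who mistypes a password fails a few times on a single username. The detector below is an added example written for this page, not code from any of the quoted articles or vendors; the log line format and the sample lines are constructed, and the thresholds (5-minute window, 5 distinct usernames, 20% success ratio) are illustrative assumptions to tune against real traffic.

```python
"""Credential-stuffing detection over authentication log lines.

Added example (not from the original page). Flags source IPs that, within a
sliding time window, attempt logins for many *distinct* usernames with a low
success ratio. The log format and sample data are constructed for this demo.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format (assumption): "<ISO-8601 UTC> ip=<addr> user=<name> result=ok|fail"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>ok|fail)$"
)

# Constructed sample log: one scripted source cycling through usernames
# (one hit), one human retrying a single account, one clean login, one junk line.
SAMPLE_LOG = """\
2024-03-01T09:00:00Z ip=203.0.113.5 user=alice result=fail
2024-03-01T09:00:01Z ip=203.0.113.5 user=bob result=ok
2024-03-01T09:00:02Z ip=203.0.113.5 user=carol result=fail
2024-03-01T09:00:03Z ip=203.0.113.5 user=dave result=fail
2024-03-01T09:00:04Z ip=203.0.113.5 user=erin result=fail
2024-03-01T09:00:05Z ip=203.0.113.5 user=frank result=fail
2024-03-01T09:00:06Z ip=203.0.113.5 user=grace result=fail
2024-03-01T09:01:00Z ip=198.51.100.7 user=alice result=fail
2024-03-01T09:01:10Z ip=198.51.100.7 user=alice result=fail
2024-03-01T09:01:20Z ip=198.51.100.7 user=alice result=ok
2024-03-01T09:02:00Z ip=198.51.100.9 user=heidi result=ok
this line is malformed and must be ignored
"""


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
        "ip": m["ip"],
        "user": m["user"],
        "ok": m["result"] == "ok",
    }


def find_stuffing_sources(lines, window=timedelta(minutes=5),
                          min_users=5, max_success_ratio=0.2):
    """Return {ip: stats} for every source IP that, inside some window of
    length `window`, tried at least `min_users` distinct usernames and
    succeeded on at most `max_success_ratio` of those attempts.

    `stats["hit_users"]` lists the accounts the source actually got into;
    those are the accounts to lock and notify first.
    """
    by_ip = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev:
            by_ip[ev["ip"]].append(ev)

    flagged = {}
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(events)):
            # Advance the window start until the span fits inside `window`.
            while events[end]["ts"] - events[start]["ts"] > window:
                start += 1
            chunk = events[start:end + 1]
            users = {e["user"] for e in chunk}
            successes = sum(e["ok"] for e in chunk)
            ratio = successes / len(chunk)
            if len(users) >= min_users and ratio <= max_success_ratio:
                prev = flagged.get(ip)
                # Keep the widest window seen for this IP.
                if prev is None or len(users) > prev["distinct_users"]:
                    flagged[ip] = {
                        "distinct_users": len(users),
                        "attempts": len(chunk),
                        "successes": successes,
                        "hit_users": sorted(e["user"] for e in chunk if e["ok"]),
                    }
    return flagged


if __name__ == "__main__":
    for ip, stats in find_stuffing_sources(SAMPLE_LOG.splitlines()).items():
        print(ip, stats)
```

On the sample data only 203.0.113.5 is flagged (7 usernames, 1 success, compromised account "bob"); the human retrying "alice" from 198.51.100.7 is not, because the distinct-username count never rises. Because the text notes that attackers spread the work across a botnet, a per-IP threshold is the cheap first signal rather than the whole answer: low-and-slow campaigns need the same distinct-username ratio computed per ASN, per TLS fingerprint or per user-agent, and a global "failed logins against never-before-seen usernames per minute" counter catches the case where each bot only tries one pair.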
Chris Hass, director of information security and research at Automox, discusses how to assign security responsibility, punishment for poor cyber-hygiene and IDing 'security champions' to help small businesses.
“The infosec industry is always trying to distinguish [the work] of one APT group from another.” SentinelOne’s Cary said he came to the same conclusion, noting that the Protonmail account tied to the GitHub profile that published the records was registered a month before the leak, on January 15, 2024.
The investigation conducted by Cisco Security Incident Response (CSIRT) and Cisco Talos revealed that threat actors compromised a Cisco employee’s credentials after they gained control of a personal Google account where credentials saved in the victim’s browser were being synchronized, according to the analysis published by Cisco Talos.
Consider, if you will, that fundamentally we in infosec want people to make better decisions. However, when people are empowered to make their own decisions and are held accountable for the lasting impact, then and only then will they start adopting more of a caretaker mentality and start considering long-term impacts.
As I'm drafting the procedure, I'm itching to mention related aspects such as governance, accountability, access control, competence, oversight, monitoring, resilience and more, but those would be distracting details.
Microsoft revealed that at least one China-linked APT group, tracked as HAFNIUM, chained these vulnerabilities to access on-premises Exchange servers to access email accounts, and install backdoors to maintain access to victim environments. Cyber #Cybersecurity #InfoSec — US-CERT (@USCERT_gov) March 6, 2021.
About a year ago, we publicly released the Yomi Hunter sandbox for a few simple reasons: in Yoroi we believe in the InfoSec community's value, we think it plays a central role in the fight against cyber-threats and we feel the need to support it. Well, how to participate? Or just include the “#yomihunter” hashtag in your tweets. How it works?
9TH ANNUAL INFOSEC AWARDS NOW OPEN FOR NOMINATIONS WITH AN INCREDIBLE SOCIAL MEDIA LIVE BOOST AND VIRTUAL RED CARPET TO CELEBRATE OUR WINNERS, HELD DURING RSA CONFERENCE 2021 IN SAN FRANCISCO, CA, USA. (You can download a PDF version once you open the page flipping version.) Do you like Yumpu, an alternative online flipbook version?
Jason Kent, hacker-in-residence at Cequence Security, discusses sneaky shopping bot tactics (i.e., domain parking) seen in a mass campaign, and what retail security teams can do about them.
The other vulnerabilities included cross-site scripting (XSS), potentially used to hijack accounts or impersonate others (CVE-2023-36459), and a technique used for phishing through “verified profile links” (CVE-2023-36462). The final flaw allowed for Denial of Service (DoS) through slow HTTP responses (CVE-2023-36461).